Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Horrible lag, settings changed, help me!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 6th, 2008, 12:16 pm

how we doing?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 7th, 2008, 4:32 am

sorry for the delay. here is the combofix log.



ComboFix 08-07-03.5 - USER 2008-07-08 1:24:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.490 [GMT -7:00]
Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\regxpcom.exe
C:\WINDOWS\system32\{41957f54-8c2c-de81-f2a7-893c69fd2cf2}.dll
C:\WINDOWS\system32\drivers\evolusb.sy
C:\WINDOWS\system32\pinkip.ico
C:\windows\system32\rwwnw64d.exe
C:\WINDOWS\system32\sgeqbfmj.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\xdulewds.VIR
C:\WINDOWS\VVNFUg\pphIo0.vbs
E:\maple story\npkycryp.sy
C:\Documents and Settings\ShoppingReport :#:
C:\Documents and Settings\report :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Avira
C:\Program Files\BoontyGames
C:\regxpcom.exe
C:\TEMP\syschk3
C:\TEMP\syschk3\tdirp5.log
C:\WINDOWS\system32\bam
C:\WINDOWS\system32\modtrux18
C:\WINDOWS\system32\modtrux18\modtrux182328.exe
C:\WINDOWS\system32\mp
C:\WINDOWS\system32\mp\dvsid140.exe
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vec3
C:\WINDOWS\system32\vec3\wesamdir.exe
C:\WINDOWS\system32\xdulewds.VIR
C:\WINDOWS\system32\xsir
C:\WINDOWS\system32\xsir\dragGLL1.exe
C:\WINDOWS\VVNFUg
C:\WINDOWS\VVNFUg\pphIo0.vbs

.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-03 13:10 . 2008-07-03 13:13 <DIR> d-------- C:\WINDOWS\SrInstallTemp
2008-07-03 13:10 . 2008-07-03 13:13 <DIR> d-------- C:\Program Files\Sr
2008-07-02 13:33 . 2005-02-02 01:41 67,456 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-07-02 13:33 . 2002-10-09 06:08 95 --a------ C:\WINDOWS\msje8tp.dat
2008-07-02 13:32 . 2008-07-02 13:32 <DIR> d-------- C:\Upload
2008-07-02 13:32 . 2008-07-02 13:32 <DIR> d-------- C:\ReplaceOnReboot
2008-07-02 13:32 . 2008-07-02 13:32 0 --a------ C:\WINDOWS\system32\lockscr.dat
2008-07-02 13:28 . 2002-10-08 16:08 290,816 --a------ C:\WINDOWS\system32\WINHTTP5.DLL
2008-06-30 21:17 . 2008-06-30 21:17 <DIR> d-------- C:\Documents and Settings\ShoppingReport
2008-06-30 21:17 . 2008-06-30 21:17 <DIR> d-------- C:\Documents and Settings\report
2008-06-30 19:45 . 2008-06-30 19:46 63,918 --a------ C:\WINDOWS\system32\{41957f54-8c2c-de81-f2a7-893c69fd2cf2}.dll-uninst.exe
2008-06-29 23:03 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-29 19:49 . 2008-06-29 19:50 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-06-29 19:49 . 2008-07-03 14:03 <DIR> d-------- C:\Program Files\AdvancedAdvisor
2008-06-16 21:54 . 2008-06-29 22:47 <DIR> d-------- C:\Program Files\Fx Video Converter
2008-06-16 21:54 . 2001-03-13 12:50 525,352 --a------ C:\WINDOWS\system32\dbgrid32.ocx
2008-06-16 21:54 . 2001-08-17 12:18 508,928 --a------ C:\WINDOWS\system32\msde.dll
2008-06-16 21:54 . 1999-02-16 20:49 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-16 21:54 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-06-16 21:54 . 2001-03-13 12:53 77,824 --a------ C:\WINDOWS\system32\msbind.dll
2008-06-16 21:54 . 2000-06-13 00:00 2,493 --a------ C:\WINDOWS\system32\COMCTL32.DEP
2008-06-16 21:53 . 2008-06-16 21:53 <DIR> d-------- C:\Program Files\Common Files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 03:00 --------- d-----w C:\Program Files\QuickTime
2008-07-06 03:00 --------- d-----w C:\Program Files\ltmoh
2008-07-04 00:41 --------- d-----w C:\Documents and Settings\USER\Application Data\iolo
2008-07-03 21:21 --------- d-----w C:\Program Files\iolo
2008-07-03 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-06-30 08:46 --------- d-----w C:\Documents and Settings\USER\Application Data\LimeWire
2008-06-17 02:21 29,696 ----a-w C:\WINDOWS\system32\iolobtdfg.exe
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 23:55 8,704 ----a-w C:\WINDOWS\system32\smrgdf.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 06:16 --------- d-----w C:\Program Files\My Downloaded Games
2008-05-08 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-08 06:15 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-05-08 06:15 --------- d-----w C:\Program Files\AWS
2008-05-08 06:15 --------- d-----w C:\Documents and Settings\USER\Application Data\WeatherBug
2008-05-08 06:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 23:36 428,904 ----a-w C:\WINDOWS\system32\Incinerator.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-05_ 6.28.05.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 13:23:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 06:54:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 13,312 2003-03-31 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 15:21 198184]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [N/A]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-03-03 12:57 278528 C:\WINDOWS\system32\TPSMain.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-05-07 11:54:09 155648]
Wireless Configuration Utility HW.15.lnk - C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-01-30 14:57:42 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Toshiba\\Windows Utilities\\TACSPROP.exe"=

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 14:52]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 SR Agent;Secure Resolutions Managed Agent;C:\Program Files\Sr\AgentSvc.exe [2005-07-16 21:13]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys []
S3 npkycryp;npkycryp;E:\maple story\npkycryp.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5f97f56-94bd-11dc-a167-0014d134f3b7}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 01:28:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-08 1:30:27
ComboFix-quarantined-files.txt 2008-07-08 08:30:20
ComboFix2.txt 2008-07-05 13:28:37

Pre-Run: 5,567,348,736 bytes free
Post-Run: 5,631,623,168 bytes free

163 --- E O F --- 2008-06-20 16:20:44
62chevy
Regular Member
 
Posts: 19
Joined: July 4th, 2008, 4:43 am

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 7th, 2008, 4:34 am

here is the hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:43 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Sr\AgentSvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Sr\AgentFrm.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
C:\Program Files\Sr\compnts\Vr\AVENGINE.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\USER\Desktop\HJT\removal.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2481735171
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 7509 bytes
62chevy
Regular Member
 
Posts: 19
Joined: July 4th, 2008, 4:43 am

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 7th, 2008, 5:00 am

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit



Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 6.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java(TM) 6 Update 3 and click on Change/Remove to uninstall it.
  2. Repeat for these old versions of JRE:
      < older versions to remove as shown >
  3. Click here to visit Java's website.
  4. Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
  5. Select Windows from the drop-down list for Platform.
  6. Select Multi-language from the drop-down list for Language.
  7. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  8. Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
  9. Run this installation to update your Java.


: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt


1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Image

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Image

  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Please post above reports
let me know how things are!
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 8th, 2008, 3:24 am

Malwarebytes' Anti-Malware 1.20
Database version: 931
Windows 5.1.2600 Service Pack 2

10:12:47 PM 7/8/2008
mbam-log-7-8-2008 (22-12-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 100079
Time elapsed: 39 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.

Files Infected:
C:\QooBox\Quarantine\C\regxpcom.exe.vir (Trojan.FBrowsingAdvisor) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\mjc\mjc.exe.vir (Adware.MJC) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Spcron\Spc.dll.vir (Adware.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir (Trojan.Dropper) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b155.exe.vir (Trojan.BHO) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir (Trojan.DownLoader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\g75.exe.vir (Adware.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifdcARj.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJDurpq.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\xlibgfl254.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\f10\kscomdll3.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\modtrux18\modtrux182328.exe.vir (Trojan.DownLoader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mp\dvsid140.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\vec3\wesamdir.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\xsir\dragGLL1.exe.vir (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP599\A0264377.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP599\A0265350.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP599\A0265351.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP599\A0265385.exe (Trojan.DNSChanger) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP599\A0267523.dll (Adware.Vapsup) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269636.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269637.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269638.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269639.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269640.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269641.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269642.exe (AdWare.CommAd) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0269643.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP600\A0270582.dll (AdWare.CommAd) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0270953.exe (Adware.MJC) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0270955.dll (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0270967.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271009.dll (Adware.Shopper) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271011.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271015.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271016.exe (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271020.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271023.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271030.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP603\A0271032.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP605\A0272055.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP606\A0272134.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP606\A0272135.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP606\A0272136.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP606\A0272137.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP606\A0272139.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> No action taken.
C:\WINDOWS\system32\{41957f54-8c2c-de81-f2a7-893c69fd2cf2}.dll-uninst.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\silc.dat (Spyware.MarketScore) -> No action taken.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> No action taken.


KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 08, 2008 04:32:20
Records in database: 924835


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 61502
Threat name 15
Infected objects 24
Suspicious objects 0
Duration of the scan 01:21:52

File name Threat name Threats count
C:\Documents and Settings\USER\.housecall6.6\Quarantine\setup.exe.bac_a02240 Infected: not-a-virus:AdWare.Win32.TrafficSol.o 1

C:\Documents and Settings\USER\.housecall6.6\Quarantine\setup.exe.bac_a02240 Infected: not-a-virus:AdWare.Win32.BHO.adj 1

C:\Documents and Settings\USER\.housecall6.6\Quarantine\setup.exe.bac_a02240 Infected: not-a-virus:AdWare.Win32.BHO.ww 1

C:\Documents and Settings\USER\Application Data\iolo\SafetyNet\Manual\{E18709EE-6C85-4490-82B0-B3A7D68ECF0C}\{0D7B504D-4015-4F98-9F85-D84428B6281A}.dll Infected: not-a-virus:AdWare.Win32.CommAd.a 1

C:\Documents and Settings\USER\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.17265 Infected: not-a-virus:AdWare.Win32.CommAd.a 1

C:\Documents and Settings\USER\Desktop\NNuninstall.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1

C:\Program Files\AdvancedAdvisor\AdvancedAdvisor-1.dll Infected: not-a-virus:AdWare.Win32.Agent.ahl 1

C:\Program Files\AdvancedAdvisor\AdvancedAdvisor-2.dll Infected: not-a-virus:AdWare.Win32.Agent.ahl 1

C:\QooBox\Quarantine\C\Documents and Settings\USER\lsass.exe.vir Infected: Backdoor.Win32.VB.ehs 1

C:\QooBox\Quarantine\C\Program Files\AntiSpywareMaster\shit.exe.vir Infected: not-a-virus:FraudTool.Win32.AntiSpywareExpert.s 1

C:\QooBox\Quarantine\C\Program Files\Zumie\zopt.exe.vir Infected: not-a-virus:AdWare.Win32.OneStep.p 1

C:\QooBox\Quarantine\C\Program Files\Zumie\zumie.dll.vir Infected: not-a-virus:AdWare.Win32.OneStep.l 1

C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir Infected: Trojan-Downloader.Win32.VB.dck 1

C:\QooBox\Quarantine\C\WINDOWS\Fonts\Setup.exe.vir Infected: Trojan-Downloader.Win32.VB.dck 1

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\rdpwdd.sys.zip Infected: Rootkit.Win32.Agent.aol 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dxutsx.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\eeybpm.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hqykttyk.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kuhyoyvv.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lhtxedvb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\nagcqdjc.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\WinNB55.dll.vir Infected: not-a-virus:AdWare.Win32.Mirar.af 1

C:\QooBox\Quarantine\C\WINDOWS\system32\xdulewds.VIR.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.zjl 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yayaxYrS.dll.vir Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.
62chevy
Regular Member
 
Posts: 19
Joined: July 4th, 2008, 4:43 am

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 8th, 2008, 6:34 am

when you ran malwarebytes you haven't clicked on fix selected items hence -> No action taken.
can you run that again for me.
Post the report and a HJT log, let me know how things are!
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 10th, 2008, 12:18 am

How we doing?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Horrible lag, settings changed, help me!

Unread postby Simon V. » July 14th, 2008, 4:04 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 331 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware